39
Voting Machine Manual Instructed Election Officials to Use Weak Passwords

Voting Machine Manual Instructed Election Officials to Use Weak Passwords

6 years ago
Anonymous $yysEBM5EYi

https://motherboard.vice.com/en_us/article/kzvejx/voting-machine-manual-instructed-election-officials-to-use-weak-passwords

States and counties have had two years since the 2016 presidential election to educate themselves about security best practices and to fix security vulnerabilities in their election systems and processes. But despite widespread concerns about election interference from state-sponsored hackers in Russia and elsewhere, apparently not everyone received the memo about security, or read it.

An election security expert who has done risk-assessments in several states since 2016 recently found a reference manual that appears to have been created by one voting machine vendor for county election officials and that lists critical usernames and passwords for the vendor's tabulation system. The passwords, including a system administrator and root password, are trivial and easy to crack, including one composed from the vendor’s name. And although the document indicates that customers will be prompted periodically by the system to change the passwords, the document instructs customers to re-use passwords in some cases—alternating between two of them—and in other cases to simply change a number appended to the end of some passwords to change them.